make update verify work in staging with dep signing
Categories
(Release Engineering :: Release Automation: Updates, enhancement, P1)
Tracking
(firefox-esr60 fixed)
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | fixed |
People
(Reporter: bhearsum, Unassigned)
References
Details
(Keywords: leave-open)
Attachments
(6 files, 5 obsolete files)
46 bytes,
text/x-phabricator-request
|
robert.strong.bugs
:
review+
|
Details | Review |
46 bytes,
text/x-phabricator-request
|
nthomas
:
review+
|
Details | Review |
10.02 KB,
patch
|
bhearsum
:
checked-in+
|
Details | Diff | Splinter Review |
46 bytes,
text/x-phabricator-request
|
robert.strong.bugs
:
review+
mshal
:
review+
|
Details | Review |
46 bytes,
text/x-phabricator-request
|
tomprince
:
review+
|
Details | Review |
46 bytes,
text/x-phabricator-request
|
ted
:
review+
|
Details | Review |
Reporter | ||
Comment 1•6 years ago
|
||
Reporter | ||
Comment 2•6 years ago
|
||
Comment 3•6 years ago
|
||
Reporter | ||
Updated•6 years ago
|
Updated•6 years ago
|
Reporter | ||
Comment 6•6 years ago
|
||
Reporter | ||
Comment 7•6 years ago
|
||
Comment 8•6 years ago
|
||
Comment 9•6 years ago
|
||
Reporter | ||
Comment 10•6 years ago
|
||
Reporter | ||
Comment 11•6 years ago
|
||
Comment 12•6 years ago
|
||
Comment 13•6 years ago
|
||
bugherder |
Reporter | ||
Comment 14•6 years ago
|
||
Comment 15•6 years ago
|
||
Comment 16•6 years ago
|
||
Comment 17•6 years ago
|
||
Comment 18•6 years ago
|
||
Reporter | ||
Comment 19•6 years ago
|
||
Comment 20•6 years ago
|
||
Reporter | ||
Comment 21•6 years ago
|
||
Comment 22•6 years ago
|
||
bugherder |
Reporter | ||
Comment 23•6 years ago
|
||
Comment 24•6 years ago
|
||
Comment 25•6 years ago
|
||
bugherder |
Reporter | ||
Updated•6 years ago
|
Reporter | ||
Comment 26•6 years ago
|
||
Reporter | ||
Comment 27•6 years ago
|
||
Comment 28•6 years ago
|
||
Comment 29•6 years ago
|
||
Comment 30•6 years ago
|
||
bugherder |
Reporter | ||
Comment 31•6 years ago
|
||
Reporter | ||
Comment 32•6 years ago
|
||
Reporter | ||
Comment 33•6 years ago
|
||
Reporter | ||
Comment 34•6 years ago
|
||
Reporter | ||
Updated•6 years ago
|
Comment 35•6 years ago
|
||
Comment 36•6 years ago
|
||
uplift |
Comment 37•6 years ago
|
||
Comment 38•6 years ago
|
||
bugherder uplift |
Reporter | ||
Comment 39•6 years ago
|
||
Tom, it appears you got update verify working on try without the dep updater work. Do you think this part is still needed?
Comment 40•6 years ago
|
||
The binary hacking code seems to work well enough, that I'm not sure it worth spending more time getting working. If we do, we should consider publishing the dep-updater as a toolchain (so it can be accessed via the index), rather than publishing to archive.m.o.
Reporter | ||
Comment 41•6 years ago
|
||
(In reply to bhearsum@mozilla.com (:bhearsum) from comment #21)
OK, so we're now at a state where staging releases will work fine when dep
signed, because we do cert replacement as part of update verify. This is
still only intended to be a short term fix until we watershed at a version
that includes the new dep updater -- then we can download that instead of
doing cert replacement in the real updater.To do that, I believe we'll need to:
- Start beetmoving the dep updater into the candidates directory
- Adjust the update verify config generator to point at it for the updater
package (only for staging)- Ensure update verify can download/unpack/use it correctly
It's worth pointing out that using the dep updater means that we won't use
localized updater binaries to apply updates -- but I think that's an OK
trade-off to make for staging (the alternative is to continue using the more
fragile cert replacement indefinitely). If anybody thinks this is a bad
idea, I'm open to reconsidering it.
Given how long the cert replacement has been working for, I'm going to call this fixed. If we want to come back and finish up with the dep updater later, we can do that.
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Description
•